Thank you

Sorry

Cisco Systems has patched a critical vulnerability that could allow hackers to gain access to Cisco Meeting and Acano servers that are used in enterprise environments for video and audio conferencing.

The flaw allows an unauthenticated attacker to masquerade as a legitimate user because the Extensible Messaging and Presence Protocol (XMPP) service incorrectly processes a deprecated authentication scheme, Cisco said in an advisory.

The flaw affects Cisco Meeting Server versions prior to 2.0.6 with XMPP enabled, as well as versions of the Acano Server prior to 1.8.18 and prior to 1.9.6. If upgrading to the latest releases is not immediately possible, administrators are advised to disable XMPP on their servers and keep using the other available protocols.

All of these vulnerabilities are rated as medium severity and patches are available to fix them. However, the company also warned customers about a cross-site request forgery vulnerability in the Cisco Finesse Agent and Supervisor Desktop Software that does not yet have a fix or a workaround.

Cisco has also been investigating the impact of recent vulnerabilities found in OpenSSL to its products and released software updates for a large number of them that incorporate the OpenSSL patches.